We have to realize that science is a double-edged sword. One edge of the sword can cut against poverty, illness, disease and give us more democracies, and democracies never war with other democracies, but the other side of the sword could give us nuclear proliferation, biogerms and even forces of darkness.
-Michio Kaku-

Believe it or not, the vast majority of people these days tend to set relatively simple passwords, thinking they will be strong enough to protect their accounts from any potential hackers. If you are one of these people, you will realize sooner or later that your account will be hacked. This was absolutely true for me.

Last night, January 24th, 2016 at 10:51 PM (Pakistan Standard Time), I discovered that my Gmail account had been hacked by somebody from Pakistan. Hopefully, Gmail's security system has prevented this sign-in attempt.

First and foremost, when Google started introducing this kind of security alert system on the Gmail platform, I was quite reluctant and got annoyed every time I signed in from several different devices. Security questions such as “What is your first dog’s name?”, “Where were you born?”, “What is your maiden name?”, etc. really pissed me off. Therefore, I always deactivated the security protections on my email accounts altogether.

Last night completely blew my mind and changed my perspective on cyber-security threats forever. Being kept alert and awake at night just because my account had been hacked made me think about a better way of managing my passwords and preventing any further cyber threats in the near future.

It did not stop at that point. When I checked the Yahoo account that I used as a backup and recovery email for my Gmail account, I found something similar.

I found something even more astonishing: my Yahoo account had been hacked for 2 months without any notification whatsoever.

It shows that, somehow, I had given full access and authorization to my Yahoo account from several different countries, such as Kyrgyzstan, Bosnia and Herzegovina, Russia, Ukraine, … up to Spain and Turkey. There are 33 countries in total.

It may seem simple: it is only an email account. However, if you think carefully, bank accounts, PayPal, and all other online payment systems nowadays are based on the internet. Hence, all of the details related to your bank accounts are also held in online systems. Moreover, most banks these days will send your bank account details to your personal email address.

Guess what?

This means that once somebody hacks your email account, they will have full control over all your credentials, including your bank account, PayPal, and any other payment details. Although it sounds simple and really scary, it does look like cybercrime attacks work that way. Regardless of the how, what, why, when, where and who behind it, the most important thing we have to do is protect ourselves from cybercrime attacks.

Lorrie Faith Cranor studied thousands of real passwords to figure out the surprising, very common mistakes that users — and secured sites — make to compromise security. And how, you may ask, did she study thousands of real passwords without compromising the security of any users? That’s a story in itself. It’s secret data worth knowing, especially if your password is 123456 …

The finding from the study that Lorrie Faith Cranor did of 470 students, faculty and staff was: “Disturbingly enough, 80 percent of people said they were reusing their password. Moreover, CMU allows 32 possible symbols, but as you can see, there’s only a small number that most people are using, so we’re not actually getting very much strength from the symbols in our passwords.”

So, how do we know that we have chosen a strong password?

Let’s start by taking a closer look at the current password requirements. Passwords must contain characters from three of the following five categories:

Uppercase characters of European languages (A through Z, with diacritic marks, Greek and Cyrillic characters)

Lowercase characters of European languages (a through z, sharp-s, with diacritic marks, Greek and Cyrillic characters)

Any Unicode character that is categorized as an alphabetic character but is not uppercase or lowercase. This includes Unicode characters from Asian languages.

Some people might think that the longer the password, the better it is. That is not entirely true. According to Lorrie’s study, “So this suggests that, instead of telling people that they need to put all these symbols and numbers and crazy things into their passwords, we might be better off just telling people to have long passwords. Now here’s the problem, though: Some people had long passwords that actually weren’t very strong. You can make long passwords that are still the sort of thing that an attacker could easily guess. So we need to do more than just say long passwords.”

All in all, the bottom line of their study is that “When people make passwords, people either tend to make something that’s really easy to type, a common pattern, or things that remind them of the word password or the account that they’ve created the password for, or whatever. Or they think about things that make them happy, and they create their password based on things that make them happy. And while this makes typing and remembering their password more fun, it also makes it a lot easier to guess their password. So I know a lot of these passwords make you think about nice, happy things, but when you’re creating your password, try to think about something else.”
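
The category rule and the guessability findings quoted above can be checked side by side. This is an added example, not code from the study or from any vendor: it assumes digits and non-alphanumeric symbols are the two categories this page does not list, and its word and pattern lists are small constructed samples.

```python
import unicodedata

# Constructed samples; a real check would load a large breached-password list.
COMMON_WORDS = ("iloveyou", "letmein", "monkey", "password", "welcome")
EASY_RUNS = ("123456", "abcdef", "asdfgh", "qwerty", "zxcvbn")
LEET = str.maketrans("@4310$5!7", "aaeiossit")  # undo common substitutions


def categories(password):
    """Character categories present, per the composition rule."""
    found = set()
    for ch in password:
        cat = unicodedata.category(ch)
        if cat == "Lu":
            found.add("upper")        # includes Greek and Cyrillic capitals
        elif cat == "Ll":
            found.add("lower")        # includes sharp-s and diacritics
        elif cat.startswith("L"):
            found.add("other_alpha")  # caseless letters, e.g. CJK
        elif ch in "0123456789":
            found.add("digit")        # assumed category, not listed on the page
        elif not ch.isalnum():
            found.add("symbol")       # assumed category, not listed on the page
    return found


def meets_policy(password):
    """True when at least three categories are present."""
    return len(categories(password)) >= 3


def guessable_reasons(password, account=""):
    """Reasons a guess list would cover this password early."""
    raw = password.lower()
    plain = raw.translate(LEET)
    reasons = [f"common word: {w}" for w in COMMON_WORDS if w in raw or w in plain]
    reasons += [f"easy-to-type run: {r}" for r in EASY_RUNS if r in raw]
    if account and account.lower() in raw:
        reasons.append(f"account name: {account.lower()}")
    return reasons


if __name__ == "__main__":
    for pw in ("P@ssw0rd1!", "qwertyuiop123456", "vessel-ochre-tundra-41"):
        print(pw, len(pw), meets_policy(pw), guessable_reasons(pw, "gmail"))
```

The first sample satisfies the composition rule yet is flagged as guessable, and the second is 16 characters long yet built entirely from easy-to-type runs, which are the two failure modes the quotes describe.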

So, next time you create a password, remember that this password affects the security of your bank account as well. All in all, this should make you more aware of the importance of having more complicated, hard-to-guess passwords and, most importantly, passwords that not only make you happy but also keep you safe and let you sleep well at night.